Static task
static1
Behavioral task
behavioral1
Sample
88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22.exe
Resource
win10v2004-20240802-en
General
-
Target
88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22.exe
-
Size
1.3MB
-
MD5
062080eeb82fd1ecd2bace697a0cd9df
-
SHA1
cae1f6ab41912aa623aa7725481b6a4e4419b7ac
-
SHA256
88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22
-
SHA512
a2c28a79c1f9b98efd5fad07a7cb8f13bd8bd87867700a97381aab563f1072a124799e6185e6298ade4b984dc42cc7febcdb8689640c5c5a855dc3620e92f389
-
SSDEEP
24576:ykDALjFf+flXChb0QHT5KBDqpZaSOMrCY37Whz/+mxWj5:4iChAQz5KsNK6W5/Fx0
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource 88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22.exe
Files
-
88a404c631aed90145091d17f3e1e34d5936051c1353a529448419f0098dff22.exe.exe windows:145 windows x64 arch:x64
606fcc5ef5bbb703b1fab8be8812cf57
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
WriteConsoleW
HeapSize
GetTimeZoneInformation
DeleteFileW
GetStringTypeW
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
LoadLibraryA
GetLastError
Sleep
CreateToolhelp32Snapshot
TerminateProcess
VirtualAlloc
lstrlenW
GetCurrentProcess
VirtualFree
VirtualProtect
GetEnvironmentStringsW
GetCommandLineW
Process32First
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FreeLibrary
FindClose
GetFullPathNameW
GetCurrentDirectoryW
SetEndOfFile
SetStdHandle
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
CreateProcessW
WaitForSingleObject
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
WriteFile
GetModuleFileNameW
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
RtlUnwind
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryA
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetTickCount
QueryPerformanceCounter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetExitCodeProcess
AllocConsole
CreateProcessA
GetProcAddress
CloseHandle
FindFirstFileExW
Process32Next
EncodePointer
GetCommandLineA
GetModuleFileNameA
RaiseException
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
user32
ShowWindow
GetWindowThreadProcessId
EnumWindows
MessageBoxA
winspool.drv
ClosePrinter
StartDocPrinterA
OpenPrinterA
advapi32
CryptCreateHash
OpenProcessToken
LookupPrivilegeValueA
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
GetTokenInformation
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
AdjustTokenPrivileges
shell32
ShellExecuteExA
normaliz
IdnToAscii
IdnToUnicode
ws2_32
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
WSASetLastError
ntohs
WSAGetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
connect
bind
wldap32
ord32
ord211
ord46
ord45
ord143
ord33
ord35
ord41
ord22
ord26
ord217
ord27
ord79
ord30
ord200
ord301
ord60
ord50
crypt32
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFreeCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
sensapi
IsDestinationReachableW
avicap32
capCreateCaptureWindowA
bcrypt
BCryptGenRandom
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 181KB - Virtual size: 181KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 51KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 174B - Virtual size: 162B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ